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REMARKS 

Claims 1, 6, 7, 10, 11, 14, 17 and 20 were pending. Claims 2-5, 
8, 9, 12, 13, 15, 16, 18 and 19 were previously canceled, without 
prejudice or disclaimer. By this Amendment, new dependent claims 
2 1 and 2 2 have been added, and independent claims 1 , 6 , 7 , 14 , 17 
and 2 0 have been amended. Accordingly, claims 1, 6, 7, 10, 11, 
14, 17 and 20-22 are now pending, with claims 1, 6, 7, 14, 17 and 
2 0 being in independent form. 

Applicant maintains that no new matter is introduced by this 
Amendment. Support for the claim amendments may be found in the 
application at, for example, page 5, lines 2-7, page 6, lines 8- 
11 , and page 8 , lines 13 -17 . Accordingly, Applicant respectfully 
requests that this Amendment be entered. 

Rejection Under 35 U.S.C. §103 (a) 

On page 3 of the January 25, 2005 final Office Action, claims 1, 
6, 7, 10, 11, 15, 17 and 20 were rejected under 35 U.S.C. §103(a) 
as allegedly unpatentable over U.S. Patent No. 6,339,423 to 
Sampson et al . in view of U.S. Patent No. 6,032,260 to Sasmazel 
et al . 

In reference to claims 1, 7, 14, 17 and 20, the January 25, 2005 
Office Action stated that Sampson discloses an access 
authentication system for providing a client with a service of 
connection to a terminal server. The Office Action further 
stated that the system includes a first authentication server for 
determining whether or not the client should be connected to the 
first terminal server, on the basis of personal information input 
by the client to the first terminal server. The Office Action 
also stated that the first authentication server creating first 
ticket data by encoding a client parameter, which includes part 
of the personal information, on the basis of a predetermined 
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formula. The Office Action further stated that the access 
control 240 performs the function of the authentication server by 
determining if the browser is authenticated. The Office Action 
stated that the access control also sends the browser a cookie 
that is encrypted therefore encoded personal information using a 
predetermined formula. The Office Action also stated that 
Sampson creates a second cookie by encoding the client parameter 
on the basis of a predetermined formula when the browser tries to 
connect to a new domain. 

The January 25, 2005 Office Action acknowledged that Sampson does 
not expressly disclose transferring the ticket to the web server, 
checking whether the ticket is used, and supplying the web server 
with information indicative of whether the second terminal server 
should be connected to the client. The Office Action further 
acknowledged that while Sampson discloses, a cookie (ticket) with 
user data, Sampson does not expressly disclose the data in the 
cookie encoded using a summarization using a one-way function. 

The January 25, 2005 Office Action stated that Sasmazel discloses 
a system of transferring the eticket from server to server. The 
Office Action further stated that the information in the eticket 
of Sasmazel is hashed (summarization using a one-way function) 
and encrypted (one-way function) . The Office Action also stated 
that the eticket of Sasmazel is transferred to the second 
terminal server by the first sending it to the browser and then 
the browser sends the ticket to the web server 220 or 240. 

The January 25, 2005 Office Action stated that the second 
authorization server (360), which performs the function of the 
second authentication server of detecting whether or not client 
parameter is valid and whether or not the first ticket data has 
been used. The Office Action further stated that Sasmazel checks 
whether the user is in session, which is a method of checking 
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whether the eticket has been used. The Office Action stated that 
the web server is then supplied data indicative of whether or not 
the second terminal server should be connected to the client. 
The Office Action also stated that Sasmazel stores in a file 
information for authenticating the user and therefore first 
ticket data. The Office Action further stated that comparing the 
first and second ticket data includes checking the validity of 
the ticket . 

The January 25, 2005 Office Action stated that the system of 
Sasmazel discloses the client parameter includes at least one of 
ID information of the client, and access-originator IP address 
and an expiration date set for the first ticket data. The Office 
Action further stated that the system of Sasmazel suggests the 
common character string is changed at a predetermined point in 
time . 

The January 25, 2005 Office Action alleged that it would have 
been obvious to a person of ordinary skill in the art at the time 
the invention was made, to transfer the ticket information to the 
web server, check whether the ticket is used and supply the web 
server with information indicative of whether the second terminal 
server should be connected to the client as in the system of 
Sasmazel in the system of Sampson. The Office Action further 
alleged that one of ordinary skill in the art would have been 
motivated to do this because the ticket may be securely passed 
from server to server without the user having to re-authent icate . 

In reference to claim 6, the January 25, 2005 Office Action 
further stated that in addition, Sampson discloses a system 
wherein the user may enter logon information. The Office Action 
also stated that logon information includes an ID and a password 
entered by the client. The Office Action further stated that the 
ticket disclosed by Sasmazel that is transported from server to 
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server includes an expiration date; and a common character string 
in the form of a public signature. The Office Action stated that 
since the ticket includes ID information and the system checks 
whether as user is in session. The Office Action also stated that 
the system of Sasmazel therefore compares the access-originator 
IP address provided in the ticket which is sent to the second 
terminal server this would result in determining whether or not 
access by the client has been executed on or before the 
expiration date . 

In reference to claim 10, the January 25, 2005 Office Action 
acknowledged that Sampson does not expressly disclose the second 
authentication means judges validity of the first ticket data. 

The January 25, 2 005 Office Action stated that Sasmazel stores in 
a file information for authenticating the user and therefore 
first ticket data. The Office Action further stated that 
comparing the first and second ticket data includes checking the 
validity of the ticket. The Office Action also stated that this 
suggests the second authentication means judges the validity of 
the first ticket data. 

The January 25, 2005 Office Action alleged that it would have 
been obvious to a person of ordinary skill in the art at the time 
the invention was made, to judge the validity of the first ticket 
data as shown in Sasmazel in the system of Sampson. The Office 
Action further alleged that one of ordinary skill in the art 
would have been motivated to this because checking the validity 
of the ticket would expose any attempt to carry out fraud. 

In reference to claim 11, the at the time the invention was made, 
Office Action stated that since the validity of the ticket is 
checked it follows that the legality of the client parameter is 
check. 
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Applicant maintains that the cited references do not render the 
claimed invention unpatentable. The claimed invention is 
patentable over the cited art for at least the following reasons. 



The present application relates to access authentication when 
service is provided to connect a client to a second terminal 
server via a first terminal server. In many instances, the client 
will want to obtain the benefit of services from plural terminal 
servers, since generally no single server can provide all of the 
services that the client would want. However, the client is 
typically contracted with the first terminal server for receiving 
services from the first terminal server, but is not contracted 
with the second terminal server (or additional terminal servers) . 
In addition, the client may not wish to connect directly to the 
second terminal server for other reasons (such as convenience) . 
For example, in order to connect directly to a terminal server, 
the client typically is required to supply personal information, 
such as ID information and password, to the terminal server. 
Therefore, if the client seeks the services of plural terminal 
servers, it is very inconvenient for the client to connect 
directly to the plural terminal servers, each of which would 
require the client to enter the personal information. 



Applicant devised improved techniques which enable a client to 
obtain services from plural terminal servers, without having to 
enter personal information plural times for the respective plural 
terminal servers. The claimed invention of the present 

application provides for authentication by transferring client 
parameter and first ticket data created by a first authentication 
server (associated with the first terminal server) to a second 
authentication server (associated with the second terminal 
server) . The first authorization server transfers the first 
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ticket data and the client parameter directly to the second 
authorization server without going through the client. Based on 
the first ticket data and the client parameter, the second 
authentication server determines whether or not the second 
terminal server is should be connected to the client. Thus, 
assuming the first ticket data and the client parameter are 
authenticated by the second authentication server, the client can 
be connected to, and obtain the services of, the second terminal 
server via the first terminal server. 

Applicant does not find teaching or suggestion in Sasmazel or 
Sampson of an access authentication system or method wherein the 
client is connected to the second terminal server via the first 
terminal server. Both Sasmazel and Sampson relies on the client 
to connect to the second terminal server after obtaining a data 
token or eticket from the first server. 

The April 25, 2 0 05 Advisory Action acknowledged that Sasmazel and 
Sampson do not disclose or suggest the feature that the client 
connects to the second terminal server via the first terminal 
server. The Advisory Action further stated that features recited 
in the preamble of the claims, however, are afforded no 
patentable weight. The Advisory Action also stated that adding 
the feature to the body of the claims that the client connects to 
the second terminal server via the first terminal server will 
overcome Sasmazel and Sampson. 

By this Amendment, independent claims 1, 6, 7, 14, 17 and 20 have 
been amended to include in the bodies thereof the feature that 
the client connects to the second terminal server via the first 
terminal server. 

In view of the claim amendments and remarks hereinabove, 
Applicant maintains that the application is now in condition for 
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allowance . 

If a telephone interview would be of assistance in advancing 
prosecution of the subject application, Applicant's undersigned 
attorneys invite the Examiner to telephone them at the telephone 
number provided below. 

If a petition for an extension of time is required to make this 
response timely, this paper should be considered to be such a 
petition, and the Commissioner is authorized to charge the 
requisite fees to our Deposit Account No. 03-3125. 

No fee, other than the enclosed $120.00 fee for the one-month 
extension of time and the enclosed $790.00 fee under 37 C.F.R. 
§1. 17(e) for the Request for Continued Examination, is deemed 
necessary in connection with the filing of this Amendment. 
However, if any additional fee is required, authorization is 
hereby given to charge the amount of any such fee to Deposit 
Account No. 03-3125. 



Respectfully submitted, 



I hereby certify that this correspondence is 
being deposited this date with the U.S. 
Postal Service with sufficient postage as 
first class mail in an envelope addressed to: 
Commissioner for Patents, P.O. Box 1450, 
Alexandria, VA 22313-1450. 



John P. White, /JReg. No. 2 8,678 
Paul Teng, ReAy No. 4 0,83 7 
Attorneys for Applicant 
Cooper & Dunham, LLP 
118 5 Avenue of the Americas 
New York, New York 1003 6 
(212) 278-0400 





